SSH

Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary.
In short, SSH allows you to connect to your board from a remote PC using a secured/encrypted Ethernet connection.

Connection with public/private key

You can also connect to your system without needing a password.
You only have to let the system know your host's public SSH key.

First, in directory /root, on your system, if you don't have a directory .ssh, create it:

# mkdir /root/.ssh

Then you must give it the correct rights:

# chmod 750 /root/.ssh

Now, if not already existing, create the file authorized_keys in /root/.ssh:

# touch /root/.ssh/authorized_keys

Edit the file authorized_keys (with nano, for instance) and paste into it your host computer's public key, which is contained in the file ~/.ssh/id_dsa.pub.

You can test your SSH connection by running the following command on your host PC (replace 192.168.0.3 with your board IP):

$ ssh root@192.168.0.3
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
RSA key fingerprint is 7c:4b:e4:9c:6d:ea:6d:ca:ed:36:39:26:91:f9:82:30.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
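
The setup steps above as one re-runnable script, followed by a permission check. This is an added example, not part of the original page; the function names, the mode 600 on authorized_keys and the usage paths are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh and authorized_keys as in the steps above, then appends
# the key only if that exact line is not already present (safe to re-run).
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    pubkey_file=$2

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A public key is one line: "<type> <base64> [comment]". This rejects a
    # private key file (multi-line PEM) copied by mistake.
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] &&
        grep -Eq '^(ssh|ecdsa|sk)-[a-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$' "$pubkey_file" ||
        { echo "$pubkey_file is not a single-line public key" >&2; return 1; }
    key=$(cat "$pubkey_file")

    mkdir -p "$ssh_dir" || return 1
    chmod 750 "$ssh_dir"      # mode used on this page
    touch "$auth_file"
    chmod 600 "$auth_file"    # added here: the page sets no mode on this file

    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# check_ssh_perms HOME_DIR
# Returns non-zero if .ssh or authorized_keys is group- or world-writable,
# one of the conditions under which OpenSSH sshd (StrictModes yes) refuses
# to use the key file.
check_ssh_perms() {
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "too permissive: $p" >&2
            return 1
        fi
    done
}

# Usage on the board (paths are examples): sh script.sh /root /tmp/id_dsa.pub
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && check_ssh_perms "$1"
fi
```

If key login still prompts for a password after this, run check_ssh_perms first: a group- or world-writable .ssh directory makes sshd skip the key without any message on the client side.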

OpenSSH

OpenSSH is a tool that allows secure communication between two computers. It can be used to create a secure tunnel between two ports of the connected computers. All data that goes through this tunnel is encrypted.

Setup

Host PC (Ubuntu)

First, install telnetd to accept Telnet connections from the target, and Wireshark, a network protocol analyzer, to check that the data is encrypted:

You have to connect to localhost because SSH will automatically redirect it to the address you specified when creating the tunnel.

When you enter the password to connect to your host, check in Wireshark that neither the protocol name (Telnet in our example) nor the password is visible in the captured packets. You should see only the TCP protocol and encrypted data.

Note: If you use an APF27 PPS configured board, you can use the script test_ssh_tunnel.sh to test the OpenSSH tunnel.